[CLUE-Tech] Auto blocking hosts w/ iptables

Chris Schock black at clapthreetimes.com
Thu Jul 29 14:13:32 MDT 2004


Definitely look at Snort, it DOES have that ability and is probably a lot
more flexible as well. I just read the docs on it and that new
functionality is very impressive - you can automatically reset their
connections, log what they're doing for forensics, etc.

It's been a couple years since I've used portsentry but one of the reasons
I stopped using it is because I had it set fairly paranoid and locked
myself out of my own gear while on the road more than once. While I'm not
blaming portsentry for this, I do believe snort gives you more control.

> Thanks for the info.  Looks like PortSentry might be what I'm looking
> for (I like its ability to execute user defined code if/when a port
> scan is detected ... wonder if Snort has a similar feature).
>




